"Jason Rangle" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> We just got a firewall and want to add it to our network. We have PAT setup
> on our Cisco router handling about 5 IP addresses. I am going to be putting
IP#s are Layer3,..PAT is Layer4,...so what you are really doing is "Static
NAT" (aka Reverse NAT). PAT only deals with port numbers and only runs on
top of Static NAT,...PAT wouldn't know what an IP# was if it tripped over
one.
If the Port#s are the same on both ends then you are doing only Static NAT:
192.168.1.25:8080 <--->21.45.128.46:8080
If the port#s are different at each end then you are doing Static NAT
combined with PAT:
192.168.1.25:8080 <--->21.45.128.46:8072
PAT does for the Port#s what NAT does for the IP#s.
> a couple of public boxes on the DMZ and would like to ask a few questions.
>
> I am going to want to setup DNS on a box in the DMZ. But I don't know how
> someone will be able to get to anything inside my firewall since the DMZ
> will be an internal IP address scheme and same with the LAN. I could just
> add some A records to resolve www, smtp, etc... to an external IP address,
Your "outer firewall" will have to use Static NAT to pass traffic back to
the correct Server. DNS is worthless in this case. *Everything* is
controlled by the "outer" firewall and directs the request based on how
the user made the request. Whatever you may discover that the firewall is
not capable of doing or "differentiating", then you won't be able to do
whatever that is. In other words you can only do what the firewall was
designed to do. Nothing that is behind the firewall can have any effect on
the user because they are in two different "worlds".
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
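The following Python model is an added illustration, not part of Phillip's reply or anything from the thread: it holds the static entries an "outer" firewall would keep for the two translations he describes (using the 192.168.1.25 / 21.45.128.46 sockets from the post, plus a constructed SMTP entry and constructed A records) and shows that DNS only hands the client the public address, while the static NAT/PAT entry alone decides which DMZ box, if any, receives the request.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Endpoint:
    ip: str
    port: int

# Public A records (constructed): DNS only hands out the firewall's public address.
DNS_A = {"www.example.com": "21.45.128.46", "smtp.example.com": "21.45.128.46"}

# Static entries on the outer firewall: public socket -> DMZ socket.
# The first two use the sockets from the post; the SMTP entry is constructed.
STATIC_MAP = {
    Endpoint("21.45.128.46", 8080): Endpoint("192.168.1.25", 8080),  # static NAT only
    Endpoint("21.45.128.46", 8072): Endpoint("192.168.1.25", 8080),  # static NAT + PAT
    Endpoint("21.45.128.46", 25): Endpoint("192.168.1.30", 25),      # static NAT only
}

def classify(public: Endpoint) -> str:
    """Name the translation in the post's terms: port unchanged means plain
    static NAT; a rewritten port means static NAT combined with PAT."""
    inside = STATIC_MAP[public]
    return "static NAT" if inside.port == public.port else "static NAT + PAT"

def inbound(flows: dict, client: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
    """Rewrite the destination of a packet arriving from the Internet.
    No static entry -> None (dropped): nothing behind the firewall can make
    itself reachable, whatever DNS records it publishes."""
    inside = STATIC_MAP.get(dst)
    if inside is not None:
        # Simplified flow key (client, DMZ socket); a real device keys on the
        # full 5-tuple. It records which public socket this flow was sent to.
        flows[(client, inside)] = dst
    return inside

def outbound(flows: dict, client: Endpoint, src: Endpoint) -> Optional[Endpoint]:
    """Reverse translation for the DMZ server's reply: the internal source is
    rewritten back to the public socket the client originally addressed."""
    return flows.get((client, src))

def reach(name: str, port: int, client: Endpoint, flows: dict) -> Optional[Endpoint]:
    """Full client path: resolve the name, then let the firewall translate.
    Returns the DMZ socket that will answer, or None if nothing will."""
    public_ip = DNS_A.get(name)
    if public_ip is None:
        return None
    return inbound(flows, client, Endpoint(public_ip, port))
```

Note that a name resolving to the public address is necessary but never sufficient: `reach()` returns None for any port that has no static entry, no matter what the DMZ host publishes.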